Overview

overview

10

Static

static

3

28e594119e...85.dll

windows7-x64

10

28e594119e...85.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    147s
  • max time network
    103s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231222-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
  • submitted
    31-12-2023 04:51

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    28e594119e5081ef5504e241e4c72285.dll

  • Size

    823KB

  • MD5

    28e594119e5081ef5504e241e4c72285

  • SHA1

    794e8eae373570e15b563a0d3ae1ee042a64c313

  • SHA256

    a84ce5f878d308a093823b638d997e9081a4aaae4ed8bfcad3372f99942de223

  • SHA512

    6f91135533ed3e5c2294abcf631cee5e2b2f775b491ed5ca142f290653993edddac471822c4c6d2323ea0babab6dd403b04e06fbe51fbe9111c051f11422c57d

  • SSDEEP

    12288:/pUcS4hKZz2f3ssC0CpK54o5FWXgiq1MNQGW0wTX8Uo/XE5Uf5VVVVJDgZh:/pFBEWss7mKSqQtiKvwr8UIEeDg

Score
10/10
hancitor1908_jkdsfdownloader

Malware Config

Extracted

Family

hancitor

Botnet

1908_jkdsf

C2

http://thookedaurce.com/8/forum.php

http://foolockpary.ru/8/forum.php

http://usitemithe.ru/8/forum.php

Signatures

  • Hancitor

    Hancitor is downloader used to deliver other malware families.

    downloaderhancitor
  • Program crash 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\28e594119e5081ef5504e241e4c72285.dll,#1
    1⤵
      PID:4808
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 4808 -s 676
        2⤵
        • Program crash
        PID:4716
    • C:\Windows\system32\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\28e594119e5081ef5504e241e4c72285.dll,#1
      1⤵
      • Suspicious use of WriteProcessMemory
      PID:4052
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 412 -p 4808 -ip 4808
      1⤵
        PID:1964

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • memory/4808-0-0x0000000002250000-0x0000000002322000-memory.dmp
        Filesize

        840KB

        Download
      • memory/4808-2-0x0000000002370000-0x000000000237A000-memory.dmp
        Filesize

        40KB

        Download
      • memory/4808-1-0x0000000002350000-0x0000000002358000-memory.dmp
        Filesize

        32KB

        Download
      • memory/4808-4-0x0000000002350000-0x0000000002358000-memory.dmp
        Filesize

        32KB

        Download
      • memory/4808-3-0x0000000002250000-0x0000000002322000-memory.dmp
        Filesize

        840KB

        Download